Spamtraps

There have been many articles and myths circulated about Spamtraps and honeypots. Are they following URLs in E-mails or can you identify them by suppressing the inactive ones? What exactly is their purpose? What can you do if you have identified spamtraps in your list and how can you get rid of them?

There are various types of Spamtraps testing different kinds of (bad) behaviour and therefore acting differently. Main types are pristine (only created for the purpose of being a spamtrap) and recycled (those have been an existing address before).

Recycled traps test, if inactive addresses are removed from a list – so it wouldn’t make sense if they would open/click and simulate activity. Those can be tackled by taking care of activity.

For pristine traps – you can easily avoid them by taking care of permissions. They have never been used by a real person and never subscribed anywhere, so they are either “bought”, harvested on websites or generated with an unsecure Opt-in method like Single Opt-In. SOI is not only controversial by legal requirement (the explicit consent to receive E-Mail is very hard to prove by this method), but also offers an easy option, to harm you by entering bad addresses like spam traps in your list without further check. So in the end – it is a big security threat! Our recommendation is the use of Double-Opt-In: Without explicit activation in the welcome mail, addresses are not transferred into your mailing list.

Pristine traps don’t test user activity but permission to send to the given address – and therefore could simulate activity for the reason not to be identified too easily (opening links would not really make sense, because it would undermine Double-Opt-In process, but opening the email and loading images could be possible).

So the key to success and avoiding spamtraps is to follow best practices – only send to addresses with a valid permission (the owner should have proven consent to receive mails by actively [double-]opted in into the list) AND in addition check user engagement and remove inactive addresses from the list.

Share this:

Like this:

Florian Vierke is Senior Deliverability Specialist with over seven years of experience in all areas of E-Mail Deliverability & Abuse Management. Florian is a member of MAAWG, certified senders alliance and competence group email and maintains a regular presence at conventions and fairs like Internet Security days, email expo or dmexco.

0 comments on “Spamtraps”

1 Pings/Trackbacks for "Spamtraps"

[…] spamtraps, when you are reading this blog. There are several posts in regards to spamtraps (e.g. this or this). I also think, that we can all agree, that sending mail to spamtraps is bad. They can get […]